
Open Audit SQL Injection

Posted on 11 December 2015

Exploit Title : Open Audit (GPL version) SQL injection vulnerability
Author : WICS
Date : 9/12/2015
Software Link : https://github.com/jonabbey/open-audit

Overview:
delete_missed_audit.php is accessible without authentication, and the GET parameter pc is not filtered before being passed to the SQL query.

Vulnerable code:

    if (isset($_GET['pc'])) {
      $link = mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
      mysql_select_db("$mysql_database") or die("Could not select database");
      $query = "select system_name from system where system_uuid='" . $_GET['pc'] . "'";
      $result = mysql_query($query) or die("Query failed at retrieve system name stage.");
      $myrow = mysql_fetch_array($result);
      $name = $myrow['system_name'];

POC
Vulnerable URL: https://github.com/jonabbey/open-audit/blob/master/delete_missed_audit.php?pc=SQL_Injection
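For comparison with the excerpt above, the same lookup with both reported problems addressed: the request is refused without a logged-in session, and pc reaches the query only as a bound parameter. This is an added example, not code from Open Audit or from the advisory author. The $_SESSION['authenticated'] key, the 100-character length cap, and the function name lookup_system_name are assumptions; the $mysql_* settings are taken from the excerpt and assumed to be loaded already.

```php
<?php
// Added example, not Open Audit code. Assumes the $mysql_* settings from the
// excerpt are already loaded and that a login flow elsewhere sets
// $_SESSION['authenticated'] (hypothetical session key).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function lookup_system_name(mysqli $db, string $uuid): ?string
{
    // The value travels as a bound parameter, so quotes inside it cannot
    // change the structure of the statement.
    $stmt = $db->prepare('SELECT system_name FROM `system` WHERE system_uuid = ?');
    $stmt->bind_param('s', $uuid);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();   // true when a row was fetched, null when none
    $stmt->close();
    return $found ? $name : null;
}

session_start();
if (empty($_SESSION['authenticated'])) {
    http_response_code(403);
    exit('Login required');
}

// Reject missing, array-valued (pc[]=...) or oversized input before use.
// The 100-character cap is an assumed limit, not taken from the schema.
$pc = $_GET['pc'] ?? null;
if (!is_string($pc) || $pc === '' || strlen($pc) > 100) {
    http_response_code(400);
    exit('Invalid pc parameter');
}

try {
    $db = new mysqli($mysql_server, $mysql_user, $mysql_password, $mysql_database);
    $name = lookup_system_name($db, $pc);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // keep database details out of the response
    http_response_code(500);
    exit('Database error');
}

if ($name === null) {
    http_response_code(404);
    exit('Unknown system');
}
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
```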

 
